A data breach at credit bureau Experian may have exposed data from T-Mobile USA on about 15 million U.S. consumers.

The data includes names, birth dates, addresses and Social Security numbers or other forms of identification like drivers’ license numbers, the companies said Thursday. The people affected may not be current T-Mobile subscribers but applied for T-Mobile postpaid services or device financing from Sept. 1, 2013 to Sept. 16, 2015.

There’s no evidence so far that the data has been used inappropriately, Experian said in a press release. And the company said its consumer credit database was not affected. But the breach is the latest embarrassing security event concerning Experian, a widely used credit-information provider whose services are sometimes offered free after breaches at other companies make consumers nervous about their credit records.

T-Mobile CEO John Legere reacted strongly to the breach and suggested the carrier wants to quickly replace Experian as a service provider.

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” but the carrier’s top concern now is helping the people affected, Legere wrote in an open letter on T-Mobile’s site. The carrier also posted an information page for people concerned about the breach.

T-Mobile said anyone who thinks they may have been affected could sign up for two years of free credit monitoring and identity resolution services from ProtectMyID, which itself is a division of Experian. That offer drew fire on Twitter.

“I hear you re: Experian as service protection option. I am moving as fast as possible to get an alternate option in place by tomorrow,” Legere tweeted on Thursday afternoon. The other option would also be free, he wrote.

The breach didn’t involve payment card numbers or bank account information, the companies said. T-Mobile said its own systems and network weren’t involved. Experian stored the credit application information to assist with credit decisions and was required to keep it for at least 25 months, according to T-Mobile.

In July, a Vietnamese man was sentenced to 13 months in federal prison in for a breach of 200 million personal records at Court Ventures, an Experian subsidiary.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.